Governance Unit – Business continuity planning with ISO 22301 (4 days)

Objectives

Understand and implement a business continuity management system through the requirements of ISO 22301

Courses

Day 1 morning 

Section 1 – Framing 

Terminology and Definitions 

❏ BCP (Business Continuity Plan) 

❏ DRP (Disaster Recovery Plan) 

❏ PCI (Computer continuity plan) 

❏ IRP (Information Technology Recovery Plan) 

❏ Continuity vs disaster recovery: the differences

❏ Common mistakes related to BCP/RBP 

Day 1 afternoon 

Section 2 – PCA and business 

❏ Understanding the positioning of a BCP in a business strategy 

❏ Alignment of IS risk management with BCP 

❏ Global vision of a BCP project within an organization

❏ Insurance of tangible/intangible assets 

Practical Work 1 / State of play

Section 3 – Study of the ISO 22301 standard 

❏ PCA and the normative aspect 

❏ Focus on the international standard ISO 22301 

❏ Understanding the concept of an integrated system 

Day 2 morning 

Section 4 – ISO 22301 “Context”

❏ Understanding the information security needs of the company and its context

❏ Identification and mapping of the needs and expectations of interested parties

❏ Study of the legal and regulatory requirements

❏ Identification of the field of application of the SMCA 

Practical Work 2 / Legal and regulatory requirements 

Day 2 afternoon

Section 5 – ISO 22301 “Leadership” 

❏ Management commitment 

❏ Establishment of a business continuity policy

❏ Definition and assignment of roles, responsibilities and authority within the SMCA 

Section 6 – ISO 22301 “Planning” 

❏ Planning of actions to address different risks and opportunities 

❏ Definition of business continuity objectives associated with plans to achieve them

Practical Work 3 / Business continuity objective 

 

Day 3 morning

Section 7 – ISO 22301 “Support” 

❏ Resource allocation in SMCA 

❏ Skills management 

❏ Awareness raising 

❏ Communication management 

❏ Implementation of document life cycle

Day 3 afternoon 

Section 8 – ISO 22301 “Operation” 

❏ Management of operational planning 

❏ Business impact analysis 

Practical Work 4 / DIMA 

Day 4 morning 

❏ Risk assessment 

❏ Practical Work 5 / EBCA 

❏ Implementation of business continuity strategy 

❏ Establishment of business continuity procedures

Day 4 afternoon

❏ Practical work 6 / DIMA/EBCA Business continuity plan 

❏ Practical Work 7 / Exercises and tests 

Section 9 – ISO 22301 “Performance evaluation” 

❏ Monitoring, measurement 

❏ Analysis and evaluation 

❏ Internal audit of the SMCA 

❏ Implementation of management review 

Practical Work 8 / Continuity management indicator 

 

Day 5 

Section 10 – ISO 22301 “Improvement” 

❏ Non-conformity studies 

❏ Corrective actions 

❏ Continuous improvement 

❏ Practical Work 9 / BCP/RAP scenario

 

Certifications

Requirements

Understanding of current IS architectures, management of an information system (processes, documentation etc.)

Public

Students, system administrators, information security consultants, risk managers, information systems directors